Hi there In our smtpserver.xml config we have relaying to outside domains restricted to two IP addresses with the authorizedAddresses tag. The authRequired tag is still commented out as per the default, which from reading the comments means that it's set to true (I think).
Last week someone managed to guess the password for one of our mail accounts on James (admittedly the password wasn't very secure, so lesson learned there). After that they were able to use our mail server to relay thousands and thousands of spam emails. Reinstalling everything and setting the password to something more secure has stopped this for the time being but it's not a long term solution. I wanted to check before going ahead that if I explicitly set authRequired to false, will this prevent anyone from logging in using AUTH LOGIN? I am hoping this will mean that only the IPs specified in authorizedAddresses will be able to relay to the outside world and AUTH LOGIN will always fail - I noticed that if I set it to false it still sends the prompt for a username so wanted to check. A bit more explanation of how these two work together would be really great. It would also be nice to find a way to get rid of these persistent attempts to log in: Id='-1423500801' User='' AUTH method LOGIN failed from bi...@xxxxxx.com@ 92.118.38.50 (We get these about every 4 seconds, always from different IP addresses and always trying different usernames). Thanks in advance! Matt -- Matt Pryor Software Developer The International Presence Group of Companies EMAIL: pr...@presencebpm.com URL: www.International-presence.com
